A publicly accessible Elasticsearch server stored 24 billion credentials from infostealer malware collections, placing millions of accounts without MFA at acute risk.